I am challenging the OSCP certification next Saturday (August 21st). I think I am ready now. I have done all exercices and practice all techniques in the lab. I did many "extra mile" exercices. I have hacked into several servers in the lab and I now have many scripts to help me automate tasks. I should be done organizing my notes this afternoon.

So, with only one week left, I was thinking of, in priority order:

1) Review the exercices I have done a while ago, to refresh my memory

2) Prepare a "game plan" and practice it on a few lab machines. What I mean by that is to, for example, pick up 5 lab machines I haven't exploited yet and act like if they were part of was the real exam. So go through reconnaissance, scanning, etc

Are you doing the report in the class? Before I ran out of lab time, I actually zipped up the vulnerable web application they had written for students to break (on your assigned XP machine), and stuck it on a VM of mine to practice on.

About a week before the exam, I spent it going over owning some of the lab machines I had already penetrated but focusing mainly on the Multi-Step machines as oppose to the launch a remote-root exploit and gain access to the machines. I also spent it getting together the final lab report.

Don't know if this will help you prep but here's my review of it:PWB v3.0 Review

focusing mainly on the Multi-Step machines as oppose to the launch a remote-root exploit and gain access to the machines

@xXxKrisxXx - Could you give me a few examples (in the lab, not the exam!) of multi-step exploitation? I have done many so far in the lab, but I want to know if I have missed some... (which is propably the case!)

1.) As you'll be tired after the exam (unless you get enough points, fairly early on, like I did, to pass), make sure your report is done, up to the point of adding the exam data into it, as you only get an additional 24 hours after the exam to submit it all.

2.) Forgot about any scripts you've currently got written... (no kidding) While the knowledge of HOW to script stuff comes in handy, and you might script a few things, most of the scripting I'd done during the labs ended up wasting time in the exam. I won't explain exactly why, as to not give anything away, but for the most part, very little extra scripting was needed, when I sat the exam. You could do a few minor things, in an automated fashion, but aside of that, you'll spend more time working on your attack vectors, etc., and less time on heavy scripting. I saw someone else, not long ago, had said something similar... All of the extra effort he put into automating and scripting up things, before the exam, ended up being a waste of time and he threw them out the window fairly early on, and what scripts he DID use, he wrote, quickly, during the exam.

My 2 cents, anyway...

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

@xXxKrisxXx - Could you give me a few examples (in the lab, not the exam!) of multi-step exploitation? I have done many so far in the lab, but I want to know if I have missed some... (which is propably the case!) Huh

H1t M0nk3y - Sure. These are the machines that have taken multiple steps to penetrate that you've gotten. Like for example, you had to social engineer a client to click a link to enumerate software versions on the machine then social engineer them to open a malicious pdf file. Or even like step 1 - crack an ssh account, 2 - wget a privilege escalation exploit onto the machine 3 - Compile / chmod permissions 4 - run the exploit and get root privs. This would be considered a multi-step process because it's just not like, launch the remote exploit get a shell type thing. These are useful to practice because you can't expect the exam to be a simple launch an existing remote-exploit against a machine and get root privileges on it.

My exam seems still far away with about 12 days of lab time left. I've owned several machines now, including some linux boxes that took multiple steps to get root on. I still don't feel ready for the exam at all. Though it feels like my "skills" are improving

I'll make sure I have all the exercises completed etc, because I've heard it can help you pass the exam.

great advice guys! i will look into some of them tomorrow...i think you can all guess why you havent heard from me in a little while. im alos in the last days of my lab time and i want to use every last minute of it. i think i feel the same way as zeroflaw: i have learned a lot these past 2 months, but i am really afraid i am not ready. i got though on about 50% of the systems (some root, some just a shell), which makes it even more exiting to see whats coming at the exam. i must say i enjoyed every minute of it! heck, you would almost intentionally fail the exam just to take the whole course again for the fun of it! expect a new written part of the walkthrough soon!

CISSP, CEH, ECSA, OSCP, OSWP, eCPPT, eWAPT

earning my stripes appears to be a road i must travel alone...with a little help of EH.net

Don't over-stress yourself! Believe me when I tell you, if you've honestly put in the hours on the lab machines, and have successfully exploited numerous different Windows AND Linux machines, you ARE capable of passing the exam. That's NOT to say it's a simple thing, but if you understand how to enumerate services, how to find exploits on the exploitdb and other sites, and have some idea how to customize existing exploits, like the course teaches you, for differing OS service packs, etc, then you should be able to pass.

Don't underestimate yourselves, and remember, while you may or may not pass, with a perfect score or otherwise, even after OSCP, the world of pentesting is a neverending learning stream.

I'll also tell you this. There may be more than one way to 'skin the cat' against the exam machines, just as some of the lab machines had more than one way to attack / penetrate / exploit them, and you'd often find in real-world pentests. I can tell you, based on discussions with others who have passed, that in a few cases, we approached some of the exam machines VERY differently, yet we all still exploited / root'd them. When you pass, you'll enjoy talking to others, and learning from their experiences / methods. I've already learned some new things, SINCE taking the test, from the others' discussions. Well worth the time, effort, and comradery that you'll have put in, and received, in the end.

So feel comfortable with what you've accomplished in the labs so far, and if you UNDERSTAND what you've done, and the logic and methods behind it, you're well on your way to a passing score on the exam, already. Don't stress, relax, and just make sure that you get plenty of rest, prior to taking it. In fact, someone else on here had mentioned that they'd only spent time on about 7 of the lab machines, before taking and passing OSCP. Not to say it's EASY, and that means that person has some wealth of knowledge and experience to draw from, obviously, but to say that the key behind the labs is to get you thinking like a hacker / pentester, and to teach you how to engineer your own methods / solutions to situations. Not necessarily to hand you exact duplicates of exam machines, so that if you've beaten every lab box, you'll definitely know how to accomplish root on every exam machine. It's all about learning and preparation for things to come.

Good luck to all, and let us know, pass or fail, so that we can congratulate you, or encourage you to work harder and pass the next time!

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

if you understand how to enumerate services, how to find exploits on the exploitdb and other sites, and have some idea how to customize existing exploits, like the course teaches you, for differing OS service packs, etc, then you should be able to pass.

Thanks for encouraging us hayabusa!

I will definitively continue working in the lab this week. I will also make sure I revise all the course material before Saturday.